Just Give Me the Beans!
Security research.
I was recently reading an article from EFF.org
As I understand it security researchers are pursued by law enforcement and governments
Why is this pursuit with security researchers rolling? Since they are working on fixing software and hardware failures that everyone uses?
As I understand it, they are hackers with a character.
https://www.eff.org/effector/32/12
Good Journey !
Moved to UL&OS Chat.
"Our intention creates our reality. "
Ubuntu Documentation Search: Popular Pages
Ubuntu: Security Basics
Ubuntu: Flavors
<--- Run xman to see that window.
Hackers usually don't fix anything. They point out the mistakes made by others. This is often embarrassing, assuming the hacker reporting the problem is correct. Not every report is factual.
How do you know when someone breaks into your systems if they are a white hat or a black hat? Law enforcement can't tell and many white hat hackers hide their real identities to avoid over zealous prosecution for embarrassing govts, companies and individuals.
My state tried to pass a law that made changing a URL from HTTPS:// to HTTP:// illegal. I'm 100% serious. To the state attorney general, that was "hacking." The state was embarrassed when they left voting information on a server that was publicly accessible. Instead of fixing the poor management of the data, they decided to go after the "security researcher" who had embarrassed them, fortunately there wasn't a law that could be used. Our local EFF and security vendors (we have some world famous security people and companies here), tried to work with the legislature to craft a bill that would go after people causing harm, but protect people who just didn't want data leaked. The bill being pushed wanted criminal charges for looking even when there wasn't any protective measures in place. Fortunately, the governor at the time rejected the bill, suggesting that the legislature work with white hat hackers and professional security companies to come up with a bill that gets the best from all sides. I know the white hats want to be shielded from lawsuits when they report issues to companies, in good faith, and wait the industry standard time for corrective actions before going public. Without the ability to go public, no company will fix anything. They need to be embarrassed by their lack of reasonable speed for corporate budget to become available for a fix.
Anyways, as soon as a researcher accesses a computer in a different state, it now becomes a federal or international issue. Which laws apply? The location of the server would normally have jurisdiction, so if you are a white-hat just trying to help out against data leaks, be certain you know where a computer is physically before doing anything.
And stop putting sensitive information on cloudy storage folks. Please.
5 Cups of Ubuntu
I am a white hat - I hack for a living but under controlled conditions where the victim knows and approves of my activities. I have to say that it is my opinion hacking is not a crime for those security researchers out there that are providing a valuable service by exposing software and hardware vulnerabilities to the vendor. I don't agree when law enforcement attempts to flag these folks as "nefarious". Law enforcement and lawmakers, probably have no clue what service they provide and simply sees the act itself. TheFu: your comment about your state partnering with white hats is good; it shows they realize they are not the experts.
Without security researchers, the Internet would be an even more unsecure place than it already is.
I use cloud storage all the time but take precautions: everything sensitive in a cloud is encrypted by me prior to being stored. 90+% of my data is in my NAS under my desk so I do hold most of it.
“The meaning of life is to find your gift. The purpose of life is to give it away.”
Ubuntu addict and loving it
the security researchers that are pursued are believed to be enabling black-hat hackers by using speech (widely considered a right in the world) to reveal bugs they find in software they have (access to) copies of. these security researchers are not generally exploiting the bugs they find. they do this research within their own facilities. gray-hat hackers (i used to do this many decades ago) do exploits and other break-ins without causing damage or stealing copies of files and data. they often provide information (usually anonymously) to the victim about their exposure.
security researchers have, in the past, simply announced that certain software had exploitable bugs, but found that these bugs were not being fixed. one reason could legitimately be that the developer could not find the bug. in many cases, the business just denied the bug and made no effort to find it. there really have been people would (usually anonymously) make false announcement of bugs, hoping to either harm the developer, or cause a dip in stock price they could exploit through short sales in the stock market (or buy-in at the lower price).
security researchers were often asked to prove that these bugs really do exist. even when they did that only through private communication to the developer, it was found that bugs were still not being fixed.
the public also asked for such proof. so, security researchers said in advance the proof would be made public in the future, after a reasonable time to fix their bug. but the end result was many court orders to block revealing this proof. police pursuit started when these orders were typically violated. it became quite clear that business people (as opposed to individual developers) did not want to make the effort to fix bugs they now knew of.
today, it is now typical for the proof to accompany the announce or be released at the same time. companies still try to engage police and legal processes to pursue these cases more out of "brand harm" than the worry of zero-day exploitation by others (black-hats that are still referred to as hackers by the public).
many security researchers operate anonymously. a few others have developed enough reputation that they can be trusted to be truthful in an announcement not accompanied by proof.
Mask wearer, Social distancer, System Administrator, Programmer, Linux advocate, Command Line user, Ham radio operator (KA9WGN/8, tech), Photographer (hobby), occasional tweetXer
Ubuntu Member
we should have "white hat" law hackers. they would search for loopholes and then unless fixed in timely manner by parliament they would notify the public along with instruction on how to hack the law. right now it seems only the rich with money for lawyers know how to avoid tax, various company theft persecution etc.
that way maybe the loopholes won't stay open for years with osme people knowing about them and exploiting them, getting rich in the process.
Read the easy to understand, lots of pics Ubuntu manual.
Do i need antivirus/firewall in linux?
Full disk backup (newer kernel -> suitable for newer PC): Clonezilla
User friendly full disk backup: Rescuezilla
Adv Reply
Bookmarks